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Abstract. In this work, Pseudo- Random Bit Generation (PRBG) based 
on 2D chaotic mappings of logistic type is considered. The sequences gen- 
erated with two Pseudorandom Bit Generators (PRBGs) of this type are 
statistically tested and the computational effectiveness of the generators 
is estimated. The role played by the symmetry and the geometrical prop- 
erties of the underlying chaotic attractors is also explored. Considering 
these PRBGs valid for cryptography, the size of the available key spaces 
are calculated. Additionally, a novel mechanism called symmetry-swap is 
introduced in order to enhance the PRBG algorithm. It is shown that it 
can increase the degrees of freedom of the key space, while maintaining 
the speed and performance in the PRBG. 
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1 Introduction 

Pseudo-Random Bit (or Number) Generation is a subject of high interest and 
broad application in many scientific and engineering areas [1], [2], [3]. Pseudo- 
Random Bit Generators (PRBGs) are implemented by deterministic numeric 
algorithms and they should pass several statistical tests [4], [5], [6], to prove 
themselves to be useful. The requirements of randomness in these generators 
vary according to their application, realizing in cryptography their most stringent 
demands [4] . 

Over the last two decades, several works have implemented PRBGs for cryp- 
tography based on chaotic systems (an extensive survey can be found in [7]). 
Chaotic systems have the property of being deterministic in the microscopic 
space and behave randomly, when observed in a coarse-grained state-space. Their 
sensitivity of chaotic maps to initial conditions make them optimum candidates 
to relate minimal critical information about the input in the output sequence [8] . 
Their iterative nature makes them fast computable and able to produce binary 
sequences with extremely long cycle lengths [9] . 

In 2006, Madhekar Suneel proposes in [10] a method for pseudo-random bi- 
nary sequence generation based on the two-dimensional Henon map. The pseu- 
dorandom sequences generated with this algorithm show good random properties 
when subjected to different statistical tests suites. The author also indicates that 



the choice of the Henon map is rather arbitrary and that similar results should 
also be attainable with other 2D maps. 

The present explores precisely this possibility, and presents a finite automata 
scheme as the key to achieve that. This comprehensive scheme is then applied 
to two particular chaotic maps presented in [11]. These 2D dynamical systems 
are formed by two symmetrically coupled logistic maps. The refined knowledge 
of the chaotic systems under study (i.e., its geometry) makes possible to obtain 
the finite automata and to extent the method in [10] to this type of chaotic 
mappings. The pseudo-random properties of the generators obtained that way 
are investigated. The evaluation of the potential range of input parameters and 
the computational cost of the algorithm makes them worth to be considered for 
cryptographic applications. 

The chaotic PRBG algorithm here described can be used in different ways. 
Focusing on cryptography, one of its applications and maybe the most imme- 
diate, could be the construction of practical stream ciphers. In this way, the 
chaotic PRBG can expand a short key into a long keystream, which directly 
exclusive-or'ed with the clear text or message, gives the ciphertext. 

The interest of PRBG based on these mappings of logistic type arises from the 
fact that they present interesting geometrical symmetries. These could offer ad- 
ditional advantages to the randomization algorithm. In fact, a novel mechanism 
to enhance PRBG is proposed in this paper. This mechanism could be applied 
to chaotic PRBGs based on mappings with the same symmetry characteristics. 

The paper is structured as follows: Section 2 introduces some basic concepts 
about chaotic PRBG. Section 3 describes statistical testing to asses PRBG ran- 
domness. Section 4 explains the PRBG algorithm applied to the Henon map and 
infers the finite automata that describes its dynamics. In Section 5 the finite au- 
tomata scheme is used to obtain PRBG based on a two-dimensional symmetrical 
chaotic map of logistic type. Several sequences are obtained and their random- 
ness is tested. The computational cost and key space for cryptographic applica- 
tions arc effectively evaluated. Section 6 presents an enhancement of the PRBG 
algorithm, based on the symmetry properties of these chaotic maps. Section 7 
exposes the final conclusions. 

2 Chaotic Random Bit Generation 

The inherent properties of chaos, such as ergodicity and sensitivity to initial 
conditions and control parameters, connect it directly with cryptography char- 
acteristics of confusion and diffusion [12], [13]. 

Additionally chaotic dynamical systems have the advantage of providing sim- 
ple computable deterministic pseudo-randomness. As a consequence of these ob- 
servations, several works were presented since 1990s implementing PRBGs based 
on different chaotic systems [8], [9], [10], [14], [15]. In some way, it could be 
said that chaos has brought into being a novel branch of PRBGs in cryptography, 
called chaotic PRBGs. 



An N-dimcnsional deterministic discrete-time dynamical system is an itera- 
tive map / : $t N ft N of the form: 

X k+1 = f(X k ) (1) 

where k — 0, 1 . . . n. is the discrete time and Xq, X\ . . . X n , are the states of 
the system at different instants of time. 

In these systems, the evolution is perfectly determined by the mapping / : 
$i N — > $l N and the initial condition Xq. Starting from Xq, the initial state, the 
repeated iteration of (1) gives rise to a fully deterministic series of states known as 
an orbit. Different models of N— dimensional discrete-time mappings have been 
studied, and under certain circumstances complex behaviour in time evolution 
has been shown. The one-dimensional cases have been deeper analyzed [16], the 
cases with N=2 have also several well explored examples [17], but as N increases 
the complexity grows and less literature is found with a well documented analysis 
of the chaotic properties of the mapping [18]. 

To build a chaotic PRBG is necessary to construct a numerical algorithm 
that transforms the states of the system in chaotic regime into binary numbers. 
The existing designs of chaotic PRBGs use different techniques to pass from the 
continuum to the binary world [7]. The most important are: 

1. Extracting one or more bits from each state along chaotic orbits [8], [19]. 

2. Dividing the phase space into m sub-spaces, and output a binary number 
i = 0, 1, , m — 1 if the chaotic orbit visits the i t h subspace [9], [10]. 

3. Combining the outputs of two or more chaotic systems to generate the 
pseudo-random numbers [14], [15]. 

At that point an important divergence appears. We have to remark that 
chaos implemented on computers with finite precision is normally called "pseudo 
chaos" . In pseudo chaos dynamical degradation of the chaotic properties of the 
system may appear, for throughout iterations pseudo orbits may depart from 
the real ones in many different and uncontrolled manners [7], [20]. 

Even so, the above exposed techniques are capable of generating sequences of 
bits, which appear random-like from many aspects. One must only consider their 
implementation in a sensitive way to minimize dynamical degradation. Therefore 
a detailed study is normally required on the dynamics of the chaotic system. This 
will guarantee that the PRBG passes the required statistical tests and can be 
easily implemented with simple and fast software routines. 

As a final hint to help in this process, one may consider as an advantage 
the idea of using high dimensional chaotic systems. While less known, these 
systems whirl many variables at any calculation. Therefore the periodic patterns 
produced by the finite precision of the computer are more difficult to appear than 
in the low dimensional case [21]. 

In this paper the technique of dividing the phase space is followed and applied 
on two symmetrical two-dimensional (2D) chaotic maps of logistic type. 



3 Statistical Tests Suites 



In general, randomness cannot be mathematically proved. Alternatively, different 
statistical batteries of tests are used. Each of these tests evaluates a relevant 
random property expected in a true random generator. These properties may 
correspond to specific physical systems or to given statistical characteristics. To 
test a certain randomness property, several output sequences of the generator 
under test are taken. As one knows a priori the statistical distribution of possible 
values that true random sequences would be likely to exhibit for that property, 
a conclusion can be obtained upon the probability of the tested sequences to be 
random. 

Mathematically this is done as follows [4]. For each test, a statistic variable X 
is specified along with its correspondent theoretical random distribution function 
f(x). For non-random sequences, the statistic can be expected to take on larger 
values, typically far-out in the tails of f(x). A critical value x a is defined for the 
theoretical distribution so that P(X > x a ) = a, that is called the significance 
level of the test. In the same way, theoretically other distribution functions and 
a (3 value could be defined to assess non-random properties. But in practice, it is 
impossible to calculate all distributions that describe non-randomness, for there 
are an infinite number of ways that a data stream can be non-random. 

When a test is applied, the test statistic value X s is computed on the sequence 
being tested. This test statistic value X s is compared to the critical value x a . 
If the test statistic value exceeds the critical value, the hypothesis for random- 
ness is rejected. The rejection is done with a (100 * a)% probability of having 
FALSE POSITIVE error. This is called a TYPE I error, where the sequence 
was random and is rejected. Otherwise is not rejected (i.e., the hypothesis is 
accepted) with a probability of (100 * j3)% of error. This is called TYPE II error 
or FALSE NEGATIVE, the sequence was non-random and is accepted. As a 
consequence, passing the test merely provides a probabilistic evidence that the 
generator produces sequences which have certain characteristics of randomness. 

For a given application, the value of a must be selected appropriately. This 
is because if a is too high, TYPE I errors may frequently occur (respectively, 
if a is too low the same will happen for TYPE II errors). For cryptographic 
applications typical values of a are selected in the interval ae[0.001, 0.01], which 
is also referred as a confidence level for the test in the interval [99.9%, 99%]. 
Unlike a, (3 is not fixed, for it depends on the non-randomness defects of the 
generator. Nevertheless a, (3 and the size (n) of the tested sequence are related. 
Then for a given statistic, a critical value and a minimum n should be selected 
to minimize the probability of a TYPE II error (/3). 

There exist different well-known sources of test suites available, such as those 
described by Knuth [6], the Marsaglias Diehard test suite [5] or those of the 
National Institute of Standards and Technology (NIST) [4]. But there are many 
more, perhaps not so nicely packaged as in the works mentioned above, but still 
useful ( [22], [23], etc.) . In these collections of tests, each test tries a different 
random property and gives a way of interpreting its results. 



In the present work, Marsaglia's Diehard test suite (in [5]) and NIST Sta- 
tistical Test Suite (in [4]) were selected, for they are very accessible and widely 
used. Table 1 lists the tests comprised in these suites. 



Number 


Diehard test suite 


NIST test suite 


1 


Birthday spacings 


Frequency (monobit) 


2 


Overlapping 5-permutation 


Frequency test within a block 


3 


Binary rank test 


Cumulative sums 


4 


Bitstream 


Runs 


5 


OPSO 


Longest run of ones in a block 


6 


OQSO 


Binary matrix rank 


7 


DNS 


Discrete fourier transform 


8 


Count-the-l's test 


Non-overlapping template matching 


9 


A parking lot 


Overlapping template matching 


10 


Minimum distance 


Maurer's universal statistical 


11 


3D-spheres 


Approximate entropy 


12 


Squeeze 


Random excursions 


13 


Overlapping sums 


Random excursions variant 


14 


Runs 


Serial 


15 


Craps 


Linear complexity 



Table 1. List of tests comprised in the Diehard and NIST test suites. 



In each test, the statistic value X s is obtained and used to calculate a p- 
value that summaries the strength of evidence against the randomness of the 
tested sequence. In Marsaglia's Diehard test suite, p-values should lie within 
the interval [0, 1) to accept the PRBG. In NIST Statistical Test Suite, p-values 
should be greater than a for acceptance. 

4 Pseudo-Random Bit Generation based on the Henon 
Map 

In [10], an algorithm is presented to obtain a chaotic PRBG using the Henon 
map. The Henon map [24] is a 2D discrete-time non linear dynamical system 
represented by the state equations: 

x k+1 = ax\ +y k + l, 
Uk+i = bx k . 

This system depends on two parameters, a and b. Depending on the values 
of these parameters the system may be chaotic, intermittent, or converge to a 
periodic orbit. The map has a so called canonical form for the parameter values 
a = 1.4 and b — 0.3 which is depicted in Fig. 2. For the canonical values the 
Henon map presents a chaotic attractor. This means that an initial point of the 



(2) 



plane will cither approach a set of points known as the Henon strange attractor, 
or diverge to infinity. 

In Fig. 1 the functional block structure of algorithm [10] is represented and 
it is explained in the following paragraphs. 




In this case, the technique of dividing the phase space in four sub-spaces 
is used. This is done in the block named as Sub-space decision in which the 
threshold values, t x and r y , are employed to convert the points into a binary 
sequence, by means of the following equations: 

? * X - Tx ; = * y ~ Ty . (3) 

1 if x > r x ' v \1 if y > T y w 

A purely statistical procedure is proposed in [10] to obtain t x and r y . They 
are calculated as the medians of a large T set of x values (for r x ) and y values (for 
T y ). More precisely, the value of t x and t v are the medians of the first T = 1000 
iterations of the system. Fig. 2(a) shows, as an example, one orbit of the Henon 
map with the r values and subspaces considered for that case. 

After obtaining S x = {b x }°^L 1 and S y = {6*}^ lf they are sampled with a 
frequency of 1/P (each P iterations) and B x = {b% "j^ and B v = {ft^^jgi 
are obtained. The effect of skipping P consecutive values of the orbit is necessary 
to get a random macroscopic behaviour. With this operation, the correlation ex- 
isting between consecutive values generated by the chaotic system is eliminated, 
in a way such that over a P m im sequences generated with P > P m in will appear 
macroscopically random. Although P is normally introduced as an additional 
key parameter in pseudo-random sequences generation [25], it strongly deter- 
mines the speed of the generation algorithm. Consequently it is recommended 
to be kept as small as possible. 

The output binary pseudorandom sequence O(j) is obtained in the block 
named Binary mixing in Fig. 1. Here a mixing operation is performed with the 



current and previous values of the sequence B(j) = [B x (j), B y (J)]. The operation 
is given by the truth table sketched in Table 2. 





By(j - 1) 


By(j-2) 





1 







NotCS. (j)) 


1 


By(j) 


Nat(B y (j)) 



Table 2. Truth table generating the binary sequence. 



In the exposed algorithm the selection of the r values is the determinant 
factor for a uniform distribution of each of the coordinates of the phase states 
within different sub-spaces. According to [10], these values should be chosen in 
a way that approximately half of the x (or y values) obtained over the iterations 
of the system lay at each side of the threshold. 

This fact leads us to consider the interest of analyzing in detail the operations 
performed in the Henon system and Sub-space decision blocks of Fig. 1. The 
objective is to trace the visits of the orbit states into each sub-space, consequently 
gaining knowledge of how to obtain the binary sequence \b l x , by] . 

Fig. 2(a) presents the evolution of the Henon system in the phase space for 
a given set parameters and initial conditions. The phase space is divided in 4 
sub-spaces, which are named as 1,2,3 and 4 according with the different outputs 
[b x ,b y ] of the Sub-space decision block. The output values [0,0], [1,0], [0,1] and 
[1, 1] correspond to sub-spaces names 1,2,3 and 4 respectively. 

0.4 
0.3 
0.2 
0.1 


-0.1 
-0.2 
-0.3 
-0.4 

(a) (b) 

Fig. 2. (a) Representation of the canonical Henon map with parameters values 
a = 1.4 and b — 0.3. The picture shows 3000 iterations from the initial state 
Xo = [—0.75, —0.02]. The r values calculated after the first T = 1000 iterations are 
r x — 0.404659 and t v = 0.121397.(b) Finite state automaton summarizing the distri- 
bution of visit of each sub-space. 




According to Fig. 2(a), at one instant of time i, one sub-space is visited and 
this give the corresponding values [b x , b y ]. As the system evolves, the movement 
between the different sub-spaces can be resumed in the finite state automaton 
represented of Fig. 2(b). This automata summarizes the complete behaviour of 
the blocks under study and can be described as follows: 

(a) The 80% of the time, there is a bi-directional oscillation between sub-spaces 
2 and 3 (equally balanced with a 50%). Apparently there are no consecutive 
visits of the same sub-space. This leads to an oscillation of [1, 0] and [0, 1] 
between the binary states of the sequence [b l x , b y ] . 

(b) The rest 20% of the visits are equally distributed into sub-spaces 1 and 4 
(with a 50% each). It may make small runs in 1 or 4, but normally the system 
mainly spins in counter clock direction around the center of the subspaces 
division. It circles around 3-1-2, or 2-4-3 to fall in the 3-2 oscillation, or it 
makes a complete round along 1-2-4-3. This leads to an oscillation between 
the binary states of the sequence b y (entry value in binary mixing equation 
of Table 2, as B y (j - 1) and B y (j - 2)). 

Although the four sub-spaces are not visited equally, there exists a symmetry 
of movements between sub-spaces 1-3 and 2-4, which has a characteristic mixing 
of 50% and 50%, as long as a predominant (80%) and constant transition between 
3 and 2. This leads to a highly variation of binary values in sequences S x , S y . In 
the end, these conditions give the final result of an output sequence O(j) with a 
proper balance of zeros and ones, or put it in another way, with pseudo-random 
properties. 

5 Pseudo-Random Bit Generation based on 
two-dimensional chaotic maps of logistic type 

As it has been exposed the choice of the Henon in Fig. 1 was rather arbitrary and 
similar results should also be attainable with other 2D maps [10]. This means 
that a substitution of the Henon system block by any other 2D chaotic system 
would potentially produce O(j) sequences with pseudo-random properties. 

To prove the generality of the algorithm, the present paper explores the 
application of Fig. 1 to a specific family of 2D chaotic maps, quite different in 
nature and geometrical properties to the Henon map. 

5.1 Pseudo-Random Bit Generator 

In [11], Lopez- Ruiz and Perez-Garcia analyze a family of three chaotic systems 
obtained by coupling two logistic maps. The focus here will be made on models 
(a) and (b), which will be called Logistic Bimap system A and B: 



SYSTEM A : 

T A : [0, 1] x [0, 1] — » [0, 1] x [0, 1] 

x„+i = A(3y„ + l)x„(l - x n ) 
Vn+i = A(3x„ + l)y n (l - y n ) 



SYSTEM B : 

T B : [0, 1] x [0, 1] — > [0, 1] x [0, 1] 

(4) 

X n+ x = \(3x n + l)t/„(l - y n ) 

Vn+1 = A(3y„ + l).x„(l - x n ) 



Amazingly, these systems show the following symmetry Ta{x,u) = Tb(i/,x), 
which implies that T^(x,y) — Tg(x,y). From a geometrical point of view, both 
present the same chaotic attractor in the interval A £ [1.032,1.0843]. The dy- 
namics in this regime is particularly interlaced around the saddle point P4, that 
plays an important role for our proposes: 




P4 = [PA X , P4 y ], where PA X = P4 V = - 1 + W4 - - . (5) 



On the other hand, their dynamics have some differences. In Fig. 3 one can 
see one orbit and the spectrum for both systems with a given set of equal initial 
conditions. 




It can be seen in Fig. 3 (a) and (c), that the movements in the orbits have two 
lobules at each side of the diagonal axis, folding in P4, where the dynamics of 
the systems turns out to become erratic. The spectrum of this movement is also 
shown in Fig. 3 (b) and (d), where the differences can be appreciated. System 
A produces an oscillation of period two, that makes it jump over the diagonal 
axis alternatively between points consecutive in time. 

To obtain the Symmetric Coupled Logistic Map PRBG, the algorithm pre- 
sented in [10] is applied on System A. Its functional block structure is repre- 
sented in Fig. 4. The threshold values t x and r y are calculated as the medians 
of Xi and yi values calculated for a large set of T — 1000 initial iterations. 




Different O(j) binary sequences are created with Fig. 4 and submitted to sta- 
tistical testing as described in section 3. Unfortunately the sequences so formed 
do not pass the minimum requirements of randomness assessed by Diehard Test 
Suite. The results are found to get worse for larger shift values P or longer se- 
quences. Similar results were obtained for System B. Therefore algorithm in Fig. 
1 it is no directly applicable to other 2D chaotic maps. Something else must be 
taken into consideration in this approach. 

At this point, it was found that the merely equal-statistical division of Xi 
and yi components by median threshold values for a number of initial iterations 
does not work. Moreover it was found that, one must select the division lines 
between sub-spaces so that the new 2D chaotic system follows a finite state 
automata similar to the one depicted in Fig. 2(b). Consequently, the geometrical 
characteristics of the system must be taken into account. 

That means that the substitution of the Henon system block is not enough 
to extend the algorithm to other 2D chaotic systems. One needs also replace 
the sub-space decision block. Therefore a refined knowledge of the geometrical 



properties of the chaotic system is a priory required to build the PRBG. This 
makes the extension of the algorithm possible in fact, but not so straight forward. 
The knowledge of the necessary finite automata can help to make the process 
systematic. 

Let us apply the finite automata scheme to the symmetric coupled logistic 
maps Systems A and B. To get this automata one should chose the diagonal axis, 
as the first division line. This is because, this axis divides phase space in two 
parts each of which is equally visited (50%). And additional statistical calculus 
is required to divide these two sub-spaces, in another two with a visiting rate of 
40%-10% each one. 

When this is done, one can observe that this is got by merely selecting P4 and 
the line perpendicular to the diagonal axis in P4 as the other division line. This 
gives the final sub-space division independence of the initial point or iterations 
and a different geometrical division from the initial cartesian proposal. As a last 
step, the sub-spaces are finally labeled (1,2,3 or 4) according with their position 
in the finite automata to match 2(b). 

The final sub-space division for each system is presented in Fig. 5(b) and 
5(d), along with the indications of the evolution of the visits to each sub-space. 




Fig. 5. (a) Finite automata and (b) final sub-space division for System A. (c) Finite 
automata and (d) final sub-space division for System B. (In both cases, A = 1.07). 



Both systems posses similar statistical properties with different movement 
across the diagonal axis. The automata represented in Fig. 5 (a) and (c), and 
that of Fig. 2(b) are similar in many aspects. The only difference between them 
is the pace of consecutive visits take place, but the mixing proportions of 50%- 
50% and 80%-20% are maintained. From this finite automata is possible to build 
the required Sub-space decision block. 

Finally the initial algorithm in Fig. 1 applied to System A, is modified with 
the appropriate Sub-space decision block. The final PRBG functional scheme is 
represented in Fig. 6. 



Logistic Bimap (System A) Sub-space decision Binary Mixing 




Fig. 6. Functional block structure of the PRBG applied to the symmetric coupled 
logistic map PRBG with System A. 

Different sequences are obtained with the system of Fig. 6 in next sub-section. 
Their randomness is assessed and it demonstrates them statistically valid for 
cryptographic applications. This may indicate that the automata scheme de- 
scribed here represents a sufficient condition to obtain pseudo-randomness. 

Consequently, it may represent a systematic scheme to extend the algorithm 
in [10] to get PRBG on other chaotic maps. The cost of this algorithm and its 
hypothetical achievable key-space for cryptographic applications are also esti- 
mated in subsection 5.3. 

5.2 Pseudo-Random Sequences and Statistical testing 

To assess the randomness of the PRBG obtained in the previous section with 
systems A and B, several sequences are obtained and submitted to the Diehard 
[5] and NIST [4] test suites described in section 3. The significance level of the 
tests was set to a value appropiate for cryptographic applications (a = 0.01). 

Similar results were found for both systems and for simplicity, only those ob- 
tained with system A will be presented here after. Ten sequences were generated 



with six different sets of initial conditions. Their characteristics are described in 
Table 3. 



Sequence 


SI 


S2 


S3 


S4 


S5 


S6 




0.989125 


0.491335 


0.672757 


0.726874 


0.39565 


0.999851 


yo 


0.689125 


0.691335 


0.497757 


0.901874 


0.49565 


0.649851 


A 


1.04869 


1.05392 


1.06961 


1.08007 


1.06438 


1.07489 


P~Dmin 


55 


45 


35 


47 


n.a. 


n.a. 


PNmin 


83 


105 


83 


83 


100 


85 



Table 3. Parameters Pomin and PNmin for different sequences Si, i = 1,..,6, with 
different initial conditions (xo,yo) and map parameter A. 



Six of them (S1,S2,S3,S4,S5 and S6) were tested with Nist tests suite with 
200 Mill, of bits and four of them (S1,S2,S3 and S4) were tested with Diehard 
tests suite with 80 Mill, of bits. Here, the parameters PDmin and PNmin are the 
minimum sampling rate or shift factor, P m in, over which, all sequences generated 
with the same initial conditions and P > P m in pass Diehard or Nist tests suites, 
respectively. It is observed here, that the Nist tests suite requires a higher value 
of P m in and that S5 and S6 were not tested with Diehard battery of tests. 

In the Diehard tests suite, each of the tests returns one or several p-values 
which should be uniform in the interval [0,1) when the input sequence contains 
truly independent random bits. The software available in [5] provides a total 
of 218 p-values for 15 tests, and the uniformity requirement can be assessed 
graphically, when plotting them in the interval [0,1). 

For example Fig. 7 shows the p-values obtained for three sequences (a),(b) 
and (c) with the same initial conditions SI, and different sampling factor P. 
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Fig. 7. Diehard test suite p- values obtained with all tests for initial conditions SI with 
(a) P — 20 , (b) P — Pomin = 55 and (c) P = 110 . In (d), p- values obtained for initial 
conditions S1,S2,S3 and S4 with P = P Dmin of Table 3. 

The first one, Fig. 7(a), demonstrates graphically the failure of the tests, 
for there is a non-uniform clustering of p- values around one. Fig. 7(b) shows the 
uniformity obtained with PDmin — 55 over the interval [0,1). A better uniformity 
can be appreciated when P > PDmin in Fig. 7(c). 

Sequences SI to S4 where proved to pass the Diehard battery of tests with 
significance level a = 0.01. Fig. 7(d) presents a graphical representation of the 
p-values obtained for each sequence with sampling factor P = PDmin of Table 
3. It can be observed that some p-values are occasionally near or 1. Although 
it can not be well appreciated in the figure, it has to be said that those never 
really reach these values. 

In the Nist tests suite [4], one or more p-values are also returned for each 
sequence under test. These values should be greater than the significance level a, 
which was selected to a — 0.01 as in the Diehard case. These tests also require 
a sufficiently high length of sequences and to prove randomness in one test, two 
conditions should be verified. First, a minimum percentage of sequences should 
pass the test and second, the p-values of all sequences should also be uniformly 
distributed in the interval (0, 1). 

For this case, each of the six sequences with initial conditions SI to S6 are 
arranged in 200 sub-sequences of IMill. bits each and submitted to the Nist 
battery of tests. Sequences S proved to pass all tests over a minimum value 
PNmin, shown in Table 3. 

In Fig. 8(a) and 8(b), the results obtained for SI and 54 respectively are 
graphically presented, as an example of what was obtained for each S. The 
tests in the suite are numbered according to Table 1. Fig. 8(a) represents the 
percentage of the 200 sub-sequences of SI, that pass each of the 15 tests of the 
suite. These percentages are over the minimum pass rate required of 96.8893% for 
a sample size = 200 binary sub-sequences. Fig. 8(b) describes the uniformity of 
the distribution of p-values obtained for the 15 tests of the suite. Here, uniformity 



Uniformity of p-values for S4 




(a) (b) 

Fig. 8. In (a), the proportion of sub-sequences of SI that passes each test is displayed. 
In (b) The distribution of p-values of S4 is examined for each test to ensure uniformity. 
The interval between and 1 is divided in ten sub-intervals (CI, C2, CIO), and the 
p-values that lie within each subinterval are counted and plotted. 



is assessed. The interval (0,1) is divided in ten subintervals (CI, C2, CIO) and 
the number of p-values that lay in each sub-interval, among a total of 200, are 
counted and proved to be uniform. 



5.3 Key space size and computational cost 

To establish the complexity, and consequently the speed of the PRBG described 
in Fig. 6, the principle of invariance is observed. This says that the efficiency of 
one algorithm in different execution environments differs only in a multiplicative 
constant, when the values of the parameters of cost are sufficiently high. 

In this sense, the asymptotic behaviour of the computational cost of the 
PRBG is governed by the calculus performed in the chaotic block. This block 
performs P iterations to obtain an output bit, O(j). 

The capital theta notation (6>) can be used to describe an asymptotic tight 
bound for the magnitude of cost of the PRBG. And consequently, the 2D sym- 
metric coupled logistic maps have a computational cost or complexity of order 
(9(P*n). 

Let us determine the operative range of initial conditions and parameters 
values that can be applied to the PRBG in Fig. 6. This range, when the PRBG 
is used in cryptography applications is known as the key-space. Then, this range 
or the key space is determined by the interval of the parameter A and the initial 
conditions that keep the dynamical system in the chaotic regime. These are 
A G [1.032, 1.0843] , x G (0, 1) and y G (0, 1). The sampling parameter can also 
be considered as another parameter of the key space. One must observe that 
P should be kept in a suitable range, so that the PRBG is fast enough for its 
desired application. 



These intervals can be denoted with brackets and calculated as [A] — 0.0523, 
[xo] = 1, [yo] = 1 and [P] = 8890, when taking [P] e [110,9000] as the range of 
the sampling factor. 

Let us consider £32 « 1.1921 x 10~ 7 as the smallest available precision for 
fixed-point representation with 32 bits and its correspondent magnitude €64 ~ 
2.2204 x 10~ 16 for floating-point numbers with 64 bits. These quantities give us 
the maximum number of possible values of every parameter in any of the two 
representations. This is easily computed dividing the intervals by e, as K\ = 
[A]/e, K XQ = [x ]/e, K yo = [y ]/e and K P = [P]/e. 

The total size of representable parameter values is given by K, calculated 
as K = K\ x K XQ x K yo x Kp. K is the size of the available key-space and 
its logarithm in base 2 gives us the available length of binary keys or entries to 
produce pseudo-random sequences in the generator. 

The values obtained for each number precision, are X32 = 2.32 x 10 30 with a 
key length of 100 bits for single precision and K 6 4 = 1.91 x 10 65 , with a key length 
of 216 bits for double precision. These results are encouraging for recommending 
the use of the PRBG in Fig. 6 for cryptographic applications, where a length of 
keys greater than 100 is considered strong enough against brute force attacks, 
[12]. 

Nevertheless, it has to be said in the sake of accuracy that the calculus of the 
key space is a coarse estimation and that a deeper study is required for an exact 
evaluation [12]. One must keep in mind that chaotic systems are highly sensitive 
to the parameter values as well as to the initial conditions and a slightly change 
in its values can produce very different evolutions, even taking the system from 
a quasi-random behaviour to a periodic orbit. This can be easily understood if 
one thinks of the chaotic attractor as an infinite conglomerate of orbits which are 
periodic and unstable. This means that the system jumps from one to another 
without stabilizing in any of them. 

This is the origin of its instability and of its apparent macroscopic random 
behaviour. With a minimum change in the parameters or initial conditions an 
immense quantity of bifurcations are taking place. This means that many peri- 
odic orbits are being created and others are disappearing. So it is possible that 
apparently valid contiguous values in the key-space lead to periodic and random 
behaviour respectively in each case. These phenomena is even more exaggerated 
when computational precision is taken into account. The continuum chaotic tra- 
jectories are truncated and periodicity is prone to appear with more intensity. 
Another possibility is that the dynamics can diverge towards infinity. In the sys- 
tems presented here an initial calculus of 100 iterations is enough to ensure the 
boundless or goodness of the initial conditions. 

6 A new PRBG based on chaotic variables swapping 

The PRBG obtained in Fig. 6 on the Symmetric Coupled Logistic Maps Systems 
A and B demonstrate to have suitable behaviour for most stringent applications, 
such as crypto. Although this could seem promising enough for the algorithm, 



a further improvement could be achieved if one takes advantage of the specific 
symmetry characteristics of these chaotic systems. 

Let us observe that the systems under consideration present a symmetry 
with respect to the diagonal axis. Consider now a simple interchange (or swap) 
of coordinates x and y in an orbit state. This produces a jump to a conjugated 
orbit (see Fig. 9) but the attractor and the chaotic regime are not affected. 

In these circumstances, a swapping of coordinates could be introduced in the 
algorithm of Fig. 6, without altering its pseudorandom properties. In practice, 
the swapping can be an additional step at the input of the system, which is 
applied at specific instants i — 1 as desired. When the swapping is applied at 
a constant rate S, a swap of coordinates is introduced every S iterations, or 
instants of time. This means the following performance: either of the systems 
evolves along one specific orbit during a number of S iterations, then a swap 
in the coordinates is introduced (swapping x «-> y) and a jump to a conjugated 
orbit is produced. 

Let us call S the rate of swapping or the swapping factor. In Fig. 9 a schematic 
diagram is presented to depicter more clearly the swapping procedure in Systems 
A and B. When starting with the same initial conditions, one orbit and its 
conjugated are presented, jumping from one to the other is possible thanks to 
the swapping factor. 
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(a) (b) 

Fig. 9. Five points in the evolution of trajectories for system A (a) or system B (b) 
when starting with A = 1.07 and the same initial conditions [a;o,3/o] (point with 
star marker) and its coordinate conjugated [yo,xo] (point with circle marker). It can 
be observed the symmetry of the conjugated trajectories and the difference between 
systems A and B. In system A there is a jump along the diagonal axis with every 
iteration. 



This novel mechanism of swapping is named by the authors as symmetry- 
swap, for it consists of a swap between coordinates in mappings with particu- 
lar symmetry characteristics. The interesting thing about it, is that no matter 



what number of consecutive iterations and swaps are performed to the system, 
the chaotic behaviour always prevails. Logically, this particular fact will make 
pseudo-randomness to prevail too. 

The authors explored the construction of a swapped PRBG following algo- 
rithm in Fig. 6 with system A as described in section 5, and adding a constant 
swapping factor of value S in the input. Ten pseudo-random binary sequences 
were generated with the same characteristics (initial conditions and length) as 
the ones described in Table 3. A swapping factor of S = 90 was applied for 
sequences to be tested with Diehard test suite. To illustrate a different value, a 
swapping factor of S = 50 was chosen with NIST's suite. The sequences of the 
swapped PRBGs demonstrated similar random results when submitted to the 
tests. Very similar P m in values to those in Table 3, or even the same, were ob- 
tained in all cases. Fig. 10 shows graphically the results obtained and illustrated 
the success of the tests. Unsurprisingly, this demonstrates that in this case the 
symmetry- swap maintains pseudo-randomness. 




(c) 

Fig. 10. In (a), p-values obtained with all tests of Diehard test suite for initial condi- 
tions S1,S2,S3 and S4 with P = Pomin and S = 50. In (b), it is displayed the proportion 
of sub-sequences that pass NIST tests suite with initial conditions SI, P = Pjvmin and 
S — 50. In (c), the distribution of p-values for each test with the same conditions of 
(b) demonstrates the required uniformity. 



It is important to observe at this point, that the introduction of a swapping 
factor S does not penalizes the computational cost of the resulting PRBG. Its 
asymptotic behaviour is again dominated by the chaotic block. As a result, the 
swapped 2D symmetric coupled logistic maps PRBGs have an asymptotic tight 
bound of order G(P * n). 

Another valuable aspect to remark is, that the swapping factor S can offer 
an improvement in the range of input values of the initial PRBG algorithm. In 
cryptography, this means an enhancement in security and it can be obtained 
straight from the fact that S, considered as a constant value, may represent a 
new free parameter in the key-space. 

Let us consider that the useful values of S could range in the interval S = 
[l,n], where n is the number of bits generated. Taking n for a typical value of 
1 Mill, of bits, this would enlarge the key space calculated in subsection 5.3. 
Following analogous calculations, with [S] = 1000000 and Kg = [S]/e, then 
K = K\ x K XQ x K yo x K P x K s will be increased to 143 for single precision 
and to 288 for double precision. The enlargement of the key space makes the 
swapped algorithm stronger against brute force attack than the non-swapped 
one. 

Even more, one may think that the introduction of a swapping factor S can 
be applied in multiple ways. Consider, for example, different values of S used al- 
ternatively in the process, this may make the swapping factor many dimensional. 
Another way could be to consider an S value variable in time. The swapping 
factor can also offer an easy feedback mechanism, when making its value depend- 
able of the output. Therefore the symmetry-swap mechanism is a very flexible 
tool. 

In the end, it can be observed that the symmetry- swap offers a remarkable 
advantage, while maintaining speed and simplicity of the initial PRBG algo- 
rithm. 

7 Conclusions 

In the present work, a refinement of the algorithm exposed in [10] by M. Suneel 
is presented. It consists of the introduction of a finite automata that makes 
possible its application to other chaotic maps. In some way, this finite automata 
could be said to extend the range of application of this algorithm for other 2D 
chaotic systems. This is referred in [7] as making the PRBG chaotic-system-free. 

The fact is that, while systematic, the scheme presented in this paper is not 
straightforward. This is because building the finite automata requires necessarily 
a detailed study of the geometrical properties of the dynamical evolution of the 
chaotic system. 

The authors apply this technique to build two new PRBG using two particu- 
lar 2D dynamical systems formed by two symmetrically coupled logistic maps. A 
set of different pseudo-random sequences are generated with one of the PRBG. 
Statistical testing of these sequences shows fine results of random properties for 
the PRBG. 



The estimation of the PRBG computational cost gives an asymptotic tight 
bound of Q(P * n). The available size of input values or the key space is also 
calculated and a minimum length of binary keys of 100 and 216 bits is obtained 
for simple and double precision respectively. These preliminary results indicate 
a promising quality of the PRBG for cryptographic applications. 

Finally, an enhancement of the previous PRBGs is obtained exploiting the 
symmetry characteristic of the Coupled 2D Logistic maps. This is done by a new 
mechanism named as symmetry-swap, that consists of a coordinate swapping 
operation in the input variables of the chaotic systems. This gadget introduces 
an arbitrary change of orbit in the evolution of the chaotic system. This novel 
strategy is only possible due to the symmetry inherent and characteristic of the 
Coupled 2D mappings. 

It is observed that the symmetry-swap gives an additional degree of freedom 
to the chaotic PRBG algorithm without additional computational penalties. Af- 
ter obtaining this enhanced or swapped PRBG, it is shown that the computa- 
tional cost and pseudo-random properties are similar to the previous PRBGs 
obtained with the non-swapped algorithm. The input values or key space is, 
however, largely increased. Swapping represents a novel strategy for finding ad- 
ditional degrees of freedom in the key space of a chaotic PRBG. Introducing the 
sampling factor P as an additional degree of freedom forces the designer to con- 
sider a trade-off between the range of P values and the speed of the algorithm. 
On the contrary, introducing the swapping factor S implies no extra computa- 
tional cost. Moreover this degree of freedom can be introduced in multiple ways. 
Some examples are to consider it as a constant value, as a time varying one 
or as a feedback mechanism. Therefore the swapping factor S can increase the 
security of the system with great flexibility. 

The role of geometry and symmetry properties in the chaotic PRBG algo- 
rithm presented here has been proved noteworthy. This has been so, to the point 
that valuable achievements have been obtained from them. The authors hope 
that similar considerations on other PRBGs may be useful and help in achieving 
comparable results. 
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